Manage Windows computers on Intune without email accounts

It is possible to manage Windows devices in Intune without assigning email accounts or giving access to internal company resources. You can do this by setting up a separate Azure AD tenant specifically for this use case and assigning Intune licenses to that tenant. Devices can be enrolled using Windows Autopilot, manual enrollment, or other supported methods without needing individual user email accounts. You can configure device-based policies for updates, Microsoft Defender, software deployment, and compliance settings. Users can log in using local accounts or generic Azure AD accounts if needed, but they won't have access to your VPN, email, or other corporate services. This setup allows you to manage the devices entirely through Intune while keeping them isolated from your main organization.